The Essential 8: ASD’s strategies to mitigate cyber security incidents
Credit to Author: Katrina Fox| Date: Mon, 27 Mar 2017 15:24:26 -0700
The Australian Signals Directorate’s (ASD) ‘Essential 8’ strategies to mitigate cyber security incidents represent a set of cyber security best practices that, when implemented successfully, will provide your agency with a baseline cyber security posture.
The Essential 8 expand upon the ‘Top 4’ mitigation strategies, which form part of the Australian Government’s Protective Security Policy Framework and have been mandatory for federal agencies since 2014. ASD has stated that implementing the Top 4 would have prevented at least 85% of the targeted cyber intrusions it responds to. There are 37 mitigation strategies in total which, taken together, provide a comprehensive set of guidelines on which your agency’s security policy can be based.
The Essential 8 and Fortinet
Fortinet’s Security Fabric is well placed to support almost all of the 37 mitigation strategies. With the FortiGate next-generation firewall, the FortiOS secure operating system, and real-time updates from the FortiGuard threat intelligence service, you can demonstrate compliance and, indeed, automate many of these strategies. Ancillary solutions such as FortiSandbox, FortiAuthenticator, and FortiAnalyzer not only add critical features but scale to the largest workloads.
The advantage of Fortinet’s Security Fabric is that all components are tightly integrated. This enables a synchronised, multi-layered approach: if adversaries break through one layer of your defensive measures, the next layer is positioned to detect and contain them before they go further. Integration by design also means you can see every device on your distributed network, manage most day-to-day activities from a centralised dashboard, monitor traffic and application usage, and take quick action when anomalous activity is detected. This is especially important for advanced threat protection.
The Essential 8 strategies go a long way toward protecting your agency from security breaches and potentially damaging malware for a comparatively modest financial investment. While implementing these strategies will entail an investment of staff time and possible hardware / software upgrades, the costs involved will be considerably lower than cleaning up in the wake of a compromise.
The Essential 8 strategies
Here is a quick overview of the strategies.
- Application whitelisting – First and foremost is application whitelisting. Only approved executables, software libraries, scripts and installers are permitted to run on workstations and servers; everything else is blocked by default. Pokemon Go or WordPress (both of which have been used as vehicles for malware), for instance, have no business running on a government network.
- Patching applications and operating systems – Two of the Top 4 strategies revolve around patching applications and operating systems. Every day, new vulnerabilities and exploits are uncovered and software vendors continuously issue patches to remedy them. ASD asks that computers with ‘extreme risk’ vulnerabilities be patched or otherwise mitigated within 48 hours, and that you run the latest version of applications and operating systems. Keeping your software updated should be one of your most important tasks.
- Restriction of administrative privileges – Tightly managing administrator privileges rounds out the Top 4 strategies. Grant administrative access only to those whose duties require it, revalidate that need regularly, and do not use privileged accounts for reading email or browsing the web. Administrators have great power, and it comes with great responsibility.
The remaining four Essential 8 mitigation strategies are recommended but not yet mandatory. However, they are essential for securing your networks.
- Configure Microsoft Office macro settings – Office macros are a widely-used productivity tool in many government agencies, and a widely-used malware delivery mechanism. This strategy blocks macros in documents that came from the Internet and allows only vetted macros, either stored in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
- Harden user applications – Essential 8 also recommends configuring web browsers to block Flash (ideally, uninstall it), web advertisements, and Java from the Internet. Also disable unneeded features in Microsoft Office (e.g. OLE), web browsers, and PDF viewers to prevent malware from entering your network.
- Multi-factor authentication – Strong access control is a critical part of any security strategy. Hardware tokens, software one-time codes, smartcards or biometrics should be combined with a password, in particular for remote access such as VPNs, RDP and SSH, for privileged actions, and for access to sensitive data repositories. Note that two passwords are still a single factor (something you know) and do not count as multi-factor authentication.
- Daily backups – Backups are absolutely critical, especially to minimise the threat from ransomware. Every agency, as well as every business and home user, should back up important new or changed data, software and configuration daily, keep those backups disconnected from the network and retained for at least three months, and have tested bare-metal restore and disaster recovery procedures in place. Test restoration when backups are first set up, at least annually, and whenever the IT infrastructure changes.
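To turn the list above into a stock-take you can actually run, here is an added example (not code from the original article, and not a Fortinet or ASD tool): a read-only PowerShell script that reports, for a single Windows host, whether the Office macro and OLE settings, AppLocker enforcement and local administrator membership line up with the strategies just described. The Office policy version "16.0", the registry value names used (those written by the Office Group Policy templates) and the local-administrator threshold are assumptions for the example.

```powershell
# Added example (not Fortinet or ASD code): read-only Essential 8 stock-take
# for one Windows host. Run as the user whose Office policy you want to
# inspect; the AppLocker and local-admin checks need an elevated prompt.
# Assumption: Office 2016/2019/365 policy hive "16.0".

$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'
$findings = @()

foreach ($app in $apps) {
    $policy = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    $user   = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"

    # VBAWarnings: 1 = enable all, 2 = disable with notification,
    # 3 = disable all except digitally signed, 4 = disable all silently.
    $vba  = (Get-ItemProperty -Path $policy -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    # blockcontentexecutionfrominternet = 1 blocks macros in files that carry
    # the Mark-of-the-Web (downloaded or received from the Internet).
    $motw = (Get-ItemProperty -Path $policy -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
    # PackagerPrompt: 0 = run OLE packages, 1 = prompt, 2 = block them.
    $ole  = (Get-ItemProperty -Path $user -Name PackagerPrompt -ErrorAction SilentlyContinue).PackagerPrompt

    $findings += [pscustomobject]@{
        Control = "Office macros / OLE ($app)"
        Value   = "VBAWarnings=$vba MOTW-block=$motw PackagerPrompt=$ole"
        # Unset values are $null and therefore fail: "not configured" is a finding.
        Pass    = ($motw -eq 1) -and ($vba -in @(3, 4)) -and ($ole -eq 2)
    }
}

# Application whitelisting: is at least one AppLocker rule collection enforced?
try {
    [xml]$al = Get-AppLockerPolicy -Effective -Xml
    $enforced = @($al.AppLockerPolicy.RuleCollection | Where-Object { $_.EnforcementMode -eq 'Enabled' })
    $findings += [pscustomobject]@{
        Control = 'Application whitelisting (AppLocker)'
        Value   = "enforced collections: $($enforced.Type -join ', ')"
        Pass    = $enforced.Count -gt 0
    }
} catch {
    $findings += [pscustomobject]@{ Control = 'Application whitelisting (AppLocker)'; Value = $_.Exception.Message; Pass = $false }
}

# Administrative privileges: who holds local admin on this host?
# Expect only the built-in account plus the agency's admin group; the
# threshold of 3 members is an arbitrary assumption for this example.
try {
    $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop)
    $findings += [pscustomobject]@{
        Control = 'Local administrators'
        Value   = ($admins.Name -join ', ')
        Pass    = $admins.Count -le 3
    }
} catch {
    $findings += [pscustomobject]@{ Control = 'Local administrators'; Value = $_.Exception.Message; Pass = $false }
}

$findings | Format-Table -AutoSize -Wrap
```

The script changes nothing; it only reads policy and group state and prints a pass/fail row per control, so it is safe to run across a fleet via your usual remote-execution tooling and collect the results centrally. Patching and backup coverage are deliberately left out because they are better measured from your patch-management and backup systems than from a single endpoint.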
Conclusion
These ASD Essential 8 mitigation strategies, when implemented correctly as an integral component of your overall security fabric, provide a compliance framework for your agency to ensure that your security defences are working together to provide optimal protection. These guidelines provide an excellent opportunity for you to systematically examine your complete network infrastructure, ensure that every component is correctly configured, and that you have installed the basic security features and procedures necessary to ensure business continuity.
The ASD’s Essential 8 mitigation strategies, along with the other 29 strategies, provide an excellent blueprint for security best practices. At the very least, you should download the checklist and do a quick stock-take on which you already employ, which are on your ‘to-do’ list, which ones are slated for later, and which you hadn’t considered.
More work? Probably. More expense? Possibly. More protection? Absolutely. The Australian Signals Directorate has laid down the challenge: Are you doing all you can to protect your agency, people, data and applications? You owe it to your stakeholders – and the public – to ensure that these mitigation strategies are implemented and maintained. Fortinet’s family of integrated and automated security solutions and professional security consultants are here to help.